Ars Technica

RSA SecurID software token cloning: a new how-to

A researcher has devised a method that attackers with control over a victim’s computer can use to clone the secret software token that RSA’s SecurID uses to generate one-time passwords. The technique, ...
CNET

RSA releases SecurID Software Token for iPhone and iPod Touch

RSA has released an iPhone app that can be used to provide SecurID access via a software token on the iPhone and iPod Touch replacing the traditional SecurID key fob token. David Martin David Martin ...
CSOonline

Python GitHub token leak shows binary files can burn developers too

Scrubbing tokens from source code is not enough, as shown by the publishing of a Python Software Foundation access token with administrator privileges to a container image on Docker Hub. A personal ...

Home Depot exposed access to internal systems for a year, says researcher

A security researcher tried to alert Home Depot to the security lapse exposing its backend GitHub source code repos and other internal cloud systems, but was ignored.
SiliconANGLE

Three-quarters of mobile applications found to contain valid AWS access tokens

A disturbing new report finds that three-quarters of mobile applications analyzed contained valid Amazon Web Services Inc. access tokens that allowed access to private AWS cloud services. The findings ...
ZDNet

Singapore security firm hopes mobile software token will plug hardware holes

Singapore's state-owned security vendor, Assurity Trusted Solutions, is hoping its introduction of a mobile software token will resolve common user grievances associated with hardware tokens and ...
Ars Technica

RSA SecurID software token cloning: a new how-to

The attack bypasses protections built in RSA's 2-factor authentication system. Weird, I'd never would have made a windows app for the rsa thingy; that's just asking for it to be compromised. If you ...